Legal

Privacy Policy

Version 1.1 · Effective April 17, 2026 · Last Updated April 17, 2026

SigmaForge Inc. is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Platform and Services. Please read this policy carefully.

1. Information We Collect

1.1 Information You Provide Directly

  • Account registration data: name, email address, password, job title, company name, industry
  • Payment information: billing address and payment card details (processed by our third-party payment processors; we do not store full card numbers)
  • Profile information: professional background, certifications, and learning goals
  • Course submissions, project files, assessments, and feedback
  • Communications with our support team
  • Survey responses and promotional sign-ups

1.2 Information Collected Automatically

  • Log data: IP address, browser type, operating system, referring URLs, pages visited, and time spent on pages
  • Device information: device type and unique device identifiers
  • Usage data: course progress, feature interactions, AI tool usage, and learning patterns
  • Cookies and similar tracking technologies (see Section 6)

1.3 Information from Third Parties

  • Single sign-on providers (e.g., Google, LinkedIn) if you choose to log in via those services
  • Payment processors regarding transaction confirmation and status
  • Analytics partners regarding aggregated Platform usage patterns

1.4 AI Tool and Project Data

When you use SigmaForge AI tools — including SigmaTutor™, PathForge™, and DataForge™ — we collect the inputs you provide (such as Fishbone diagrams, Control charts, DMAIC project data, and statistical inputs) and the AI-generated outputs produced during your session. This data is used to:

  • Provide real-time coaching and project validation via SigmaTutor™
  • Track your Belt Progress Overview and certification readiness
  • Generate automated project evaluations and improvement recommendations
  • Improve AI model performance using anonymized and aggregated data only

SigmaForge does not sell your project data to third parties. Identifiable project data is never used to train third-party AI models without your explicit consent.

2. How We Use Your Information

We use the information we collect to:

  • Create and manage your account and deliver the Services you request
  • Process payments and manage billing, including recurring subscription charges
  • Personalize your learning experience through AI-driven adaptive pathways (SigmaTutor, PathForge)
  • Issue certifications and track your progress through certification programs
  • Communicate with you about your account, purchases, and updates to our Services
  • Send marketing and promotional communications where you have opted in
  • Improve and develop our Platform, AI models, and Services through analytics and research
  • Detect, prevent, and respond to fraud, security incidents, and misuse
  • Comply with applicable legal obligations and enforce our Terms and Conditions
  • For enterprise clients: provide organizational analytics, ROI tracking, and performance reporting to authorized managers via executive dashboards
  • Use anonymized, aggregated data to refine PathForge™ adaptive learning pathways and improve AI coaching accuracy
  • For academic institution partners: provide curriculum progress and certification completion data to authorized faculty or administrators

3. Legal Basis for Processing (GDPR / UK GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases:

  • Contract Performance: Processing necessary to deliver the Services you have purchased or requested
  • Legitimate Interests: Processing for fraud prevention, platform security, product improvement, and direct marketing to existing customers, where such interests are not overridden by your rights
  • Consent: Processing for marketing communications and non-essential cookies, where you have given explicit prior consent
  • Legal Obligation: Processing required to comply with applicable laws, regulations, or court orders

You have the right to withdraw consent at any time where we rely on consent as our legal basis. Withdrawal does not affect the lawfulness of any processing carried out prior to withdrawal.

4. How We Share Your Information

4.1 We Do Not Sell Your Personal Data

SigmaForge does not sell, rent, or trade your personal information to third parties for their own marketing or commercial purposes.

4.2 Service Providers

We share data with trusted third-party service providers who assist us in operating the Platform, including payment processors, cloud hosting providers, email service providers, analytics tools, and customer support platforms. All service providers are contractually required to protect your data and use it only for the purposes we specify.

4.3 Corporate and Institutional Clients

If your account is provisioned through your employer or educational institution, we may share your learning progress, certification status, and usage data with the designated administrators of that account.

4.4 Legal Requirements

We may disclose your information if required by law, valid legal process (such as a court order or subpoena), or to protect the rights, property, or safety of SigmaForge, our users, or the public.

4.5 Business Transfers

In the event of a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred to the acquiring entity. We will notify you of any such change via email or prominent Platform notice.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide Services and comply with legal obligations.

  • Account data: retained for the duration of your account plus 3 years after account closure
  • Payment records: retained for 7 years for tax and accounting compliance
  • Course completion and certification records: retained for 7 years to support credential verification requests
  • Marketing data: retained until you opt out or withdraw consent
  • Server log data: retained for 90 days for security and performance monitoring purposes

6. Cookies and Tracking Technologies

6.1 Types of Cookies We Use

  • Essential cookies: required for Platform functionality including authentication and session management
  • Performance cookies: help us understand how users interact with the Platform for analytics purposes
  • Functional cookies: remember your preferences and settings across sessions
  • Marketing cookies: used to deliver relevant content and advertisements where applicable

6.2 Your Cookie Choices

On your first visit to the Platform, you will be presented with a cookie consent notice. You may accept all cookies, reject non-essential cookies, or customize your preferences. You can also manage cookies through your browser settings, though disabling essential cookies may impair Platform functionality.

6.3 Do Not Track

Some browsers transmit Do Not Track (DNT) signals. Our Platform does not currently respond to DNT browser signals. We will update this policy if our practices change in this regard.

7. Your Privacy Rights

7.1 All Users

  • Access and update your account information at any time through your account settings
  • Opt out of marketing emails by clicking unsubscribe in any marketing email or by contacting info@sigmaforge.ai
  • Request deletion of your account by contacting info@sigmaforge.ai

7.2 California Residents (CCPA / CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you in the preceding 12 months
  • Right to Delete: Request deletion of your personal information, subject to certain legal exceptions
  • Right to Correct: Request correction of inaccurate personal information we hold about you
  • Right to Opt Out of Sale or Sharing: SigmaForge does not sell or share personal information for cross-context behavioral advertising
  • Right to Limit Use of Sensitive Personal Information: Where applicable under CPRA
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights

To submit a California privacy request, contact us at info@sigmaforge.ai with the subject line: California Privacy Request.

7.3 EEA and UK Residents (GDPR / UK GDPR)

If you are located in the European Economic Area or United Kingdom, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your personal data where there is no compelling reason for continued processing
  • Right to Restriction of Processing: Request that we limit how we process your data in certain circumstances
  • Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes at any time
  • Right to Lodge a Complaint: Lodge a complaint with your local supervisory data protection authority

To exercise any of these rights, contact us at info@sigmaforge.ai. We will respond to verified requests within 30 days, or within the timeframe required by applicable law.

7.4 International Data Transfers

SigmaForge is headquartered in the United States. If you are located outside the US, your information may be transferred to and processed in the United States or other countries. Where we transfer data from the EEA or UK, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission or the UK Information Commissioner’s Office.

8. Data Security and Infrastructure

SigmaForge takes the security of your personal information seriously. We implement the following technical and organizational safeguards:

  • Cloud Infrastructure: All data is securely stored using Amazon Web Services (AWS) in a multi-tenant cloud environment with role-based access controls (RBAC) limiting data access to authorized personnel only
  • Encryption: We use industry-standard encryption for data in transit (TLS/SSL) and data at rest
  • Access Controls: Internal access to personal data is restricted on a need-to-know basis
  • Security Assessments: We conduct regular security reviews and vulnerability assessments
  • Incident Response: We maintain documented incident response procedures and will notify affected users and applicable authorities of data breaches as required by law

No security system is impenetrable. While we work diligently to protect your information, we cannot guarantee absolute security. You are also responsible for maintaining the security of your account credentials.

9. Children’s Privacy

Our Platform and Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal information from a child under 18, we will take prompt steps to delete such information. If you believe we have collected information from a child under 18, please contact us immediately at info@sigmaforge.ai.

10. Enterprise and B2B Data

For enterprise clients using our B2B Platform, the following additional terms apply:

  • Organizational data: We process organizational performance data, workflow metrics, and operational improvement data on behalf of enterprise clients as a data processor acting under their instruction
  • Data Processing Agreements (DPA): Enterprise clients subject to GDPR or UK GDPR may request a Data Processing Agreement in accordance with GDPR Article 28. DPAs are executed as part of enterprise onboarding. Contact info@sigmaforge.ai to initiate.
  • HIPAA: SigmaForge recognizes that some enterprise clients operate in regulated healthcare environments. For qualifying enterprise engagements involving Protected Health Information, SigmaForge is open to discussing Business Associate Agreement (BAA) arrangements as part of a separately negotiated enterprise agreement. HIPAA-compliant deployment configurations are not available under standard subscription tiers. Contact info@sigmaforge.ai to discuss enterprise healthcare requirements.
  • Data isolation: Enterprise client data is logically isolated from other client data within our infrastructure
  • Data ownership: Enterprise clients retain full ownership of their organizational data processed through our Platform

11. Third-Party Links and Integrations

Our Platform may contain links to third-party websites and services. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit. SigmaForge is not responsible for the privacy practices or content of any third-party sites.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes via email or prominent Platform notice at least 30 days before changes take effect. The Last Updated date at the top of this policy indicates when it was most recently revised. Continued use of the Platform after changes become effective constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

SigmaForge Inc.

221 W 9th Street, Suite 1062

Wilmington, DE 19801

Email: info@sigmaforge.ai

Website: www.sigmaforge.ai

We aim to respond to all privacy inquiries within 5 business days.